lxc.apparmor.allow_incomplete = 1

更新内核之后，容器如法启动，提示：

sipl@sipl-4Xp:~$ lxc info --show-log dln
Name: dln
Remote: unix://
Architecture: x86_64
Created: 2019/06/02 15:25 UTC
Status: Stopped
Type: persistent
Profiles: default

Log:

lxc dln 20220930130750.859 WARN     conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc dln 20220930130750.859 WARN     apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - Incomplete AppArmor support in your kernel
lxc dln 20220930130750.859 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:223 - If you really want to start this container, set
lxc dln 20220930130750.859 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:224 - lxc.apparmor.allow_incomplete = 1
lxc dln 20220930130750.859 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:225 - in your container configuration file
lxc dln 20220930130750.859 ERROR    sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
lxc dln 20220930130750.860 WARN     network - network.c:lxc_delete_network_priv:2589 - Operation not permitted - Failed to remove interface "eth0" with index 27
lxc dln 20220930130750.860 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc dln 20220930130750.860 ERROR    start - start.c:__lxc_start:1939 - Failed to spawn container "dln"
lxc 20220930130750.861 WARN     commands - commands.c:lxc_cmd_rsp_recv:132 - Connection reset by peer - Failed to receive response for command "get_state"

按照提示，设置即可：

lxc config set xxx raw.lxc "lxc.apparmor.allow_incomplete = 1"